Question 1

How is customer data protected at rest and in transit?

Accepted Answer

In transit, all SDK to platform traffic uses application-layer end-to-end encryption on top of TLS: HPKE per RFC 9180 with X25519, HKDF-SHA256, and ChaCha20-Poly1305 in pre-shared-key mode, where the tenant API token is bound as the PSK. The same encrypted channel covers file attachment upload and completion, so CDNs and proxies on the path see ciphertext only. At rest, managed application data hosted at Hetzner in Germany is encrypted before it reaches object storage (client-side AES-256 for analytical storage and PostgreSQL backups). The platform holds the HPKE private key and rotates it on a 30-day schedule; the SDK fetches the public key from the discovery endpoint and has no embedded secrets. Exact key custody and rotation terms are reviewed in the data-processing agreement during procurement.

Question 2

Does Duale AI hold any formal certifications today?

Accepted Answer

No. Duale AI does not currently claim formal certification under SOC 2 (American Institute of Certified Public Accountants Trust Services Criteria), SOC 3, ISO/IEC 27001 (information security management), or the European Union Artificial Intelligence Act. No audit report, attestation, or certificate from a third-party auditor is published today. Readiness work on the security and privacy roadmap is not an audit and is not presented as one.

Question 3

How are tenants and model providers isolated?

Accepted Answer

Tenant isolation is logical and cryptographic, enforced consistently across the stack. Every NATS subject is prefixed with the tenant identifier and bound to the tenant's JWT permissions, so an SDK client cannot subscribe, publish, or enumerate outside its own tenant. PostgreSQL rows and ClickHouse spans carry tenant_id as a mandatory filter, with database-level scoping in the IAM policy engine on a default-deny baseline. Audit events use per-tenant Ed25519 keys derived through HKDF into AES-256-GCM, with tenant_id bound as additional authenticated data; deleting that key makes a tenant's records cryptographically unrecoverable. Each tenant's transit channel is also isolated by its own HPKE pre-shared key derived from the tenant API token. Model providers are configured per deployment: customers contract directly with the providers they pick (Anthropic, Bedrock, Microsoft Foundry, Vertex AI, OpenAI, others) and bring their own provider credentials. Duale AI is not a hidden bundled provider and does not introduce a shared subprocessor across tenants.

Question 4

How do we report a vulnerability or request a security review?

Accepted Answer

Send vulnerability reports to contact+security@mail.duale.ai under the responsible disclosure terms documented in the legal pages. Include reproduction steps, affected endpoint or SDK version, and your preferred contact for follow-up; good-faith research that does not exfiltrate customer data or degrade the service is welcome. The same address handles security-review requests from prospects and customers. Privacy and data-processing requests go to contact+privacy@mail.duale.ai and contact+dpa@mail.duale.ai. Subprocessor objections and other legal notices use contact+legal@mail.duale.ai. For confirmed incidents affecting customers, the legal pages document the notification timing committed in the terms (early warning within 24 hours of becoming aware, incident notification within 72 hours, final report within one month).

Question 5

What artifacts are available during a security review?

Accepted Answer

Public artifacts cover the subprocessor list, hosting and residency description, and security contact paths in the legal pages. On request and under a non-disclosure agreement, the data-processing agreement, the security questionnaire with current control statements, an architecture and data-flow summary covering the topics on this page (transit encryption, tenant isolation, audit events, retention scope), and the incident notification path are shared and scoped to the deployment under review. Duale AI does not currently publish a SOC 2 report, an ISO 27001 certificate, or a third-party penetration test summary; that work is on the readiness roadmap and is not presented as a completed audit. A software bill of materials and dependency provenance can be discussed during review based on the SDK and platform components in scope.

Review the production boundary before agents scale

Current status

Available today

Review artifacts

Certification status

No unsupported badges

Document map

Subprocessors

Data-processing agreement

ISO 27001 roadmap

EU residency map

Model provider card

AI Act references

Controls that matter for production agents

Track routed work

Separate tenants and providers

Keep project review explicit

Limit data movement

Review failures

Preserve an exit path

Data processing posture

Managed application data

Model providers

Training-use boundary

Contact paths

Security review

Privacy and data processing

Subprocessor objections

Security review questions

Review the production boundary before agents scale.